2002-08-27 20:57:26 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* Utility routines for SQL dumping
|
2016-03-24 20:55:44 +01:00
|
|
|
*
|
|
|
|
* Basically this is stuff that is useful in both pg_dump and pg_dumpall.
|
2003-05-31 00:55:16 +02:00
|
|
|
*
|
2002-08-27 20:57:26 +02:00
|
|
|
*
|
2016-01-02 19:33:40 +01:00
|
|
|
* Portions Copyright (c) 1996-2016, PostgreSQL Global Development Group
|
2002-08-27 20:57:26 +02:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
*
|
2010-09-20 22:08:53 +02:00
|
|
|
* src/bin/pg_dump/dumputils.c
|
2002-08-27 20:57:26 +02:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
|
|
|
|
#include "dumputils.h"
|
2016-03-24 20:55:44 +01:00
|
|
|
#include "fe_utils/string_utils.h"
|
2002-08-27 20:57:26 +02:00
|
|
|
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
#define supports_grant_options(version) ((version) >= 70400)
|
|
|
|
|
2009-01-22 21:16:10 +01:00
|
|
|
static bool parseAclItem(const char *item, const char *type,
|
|
|
|
const char *name, const char *subname, int remoteVersion,
|
|
|
|
PQExpBuffer grantee, PQExpBuffer grantor,
|
2003-08-04 02:43:34 +02:00
|
|
|
PQExpBuffer privs, PQExpBuffer privswgo);
|
2003-07-31 19:21:57 +02:00
|
|
|
static char *copyAclUserName(PQExpBuffer output, char *input);
|
2009-01-22 21:16:10 +01:00
|
|
|
static void AddAcl(PQExpBuffer aclbuf, const char *keyword,
|
2009-06-11 16:49:15 +02:00
|
|
|
const char *subname);
|
2004-01-07 01:44:21 +01:00
|
|
|
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
|
|
|
* Build GRANT/REVOKE command(s) for an object.
|
|
|
|
*
|
|
|
|
* name: the object name, in the form to use in the commands (already quoted)
|
2009-01-22 21:16:10 +01:00
|
|
|
* subname: the sub-object name, if any (already quoted); NULL if none
|
2003-05-31 00:55:16 +02:00
|
|
|
* type: the object type (as seen in GRANT command: must be one of
|
2010-02-18 02:29:10 +01:00
|
|
|
* TABLE, SEQUENCE, FUNCTION, LANGUAGE, SCHEMA, DATABASE, TABLESPACE,
|
|
|
|
* FOREIGN DATA WRAPPER, SERVER, or LARGE OBJECT)
|
2003-05-31 00:55:16 +02:00
|
|
|
* acls: the ACL string fetched from the database
|
2005-12-03 22:06:18 +01:00
|
|
|
* owner: username of object owner (will be passed through fmtId); can be
|
|
|
|
* NULL or empty string to indicate "no owner known"
|
2009-10-05 21:24:49 +02:00
|
|
|
* prefix: string to prefix to each generated command; typically empty
|
2003-05-31 00:55:16 +02:00
|
|
|
* remoteVersion: version of database
|
|
|
|
*
|
|
|
|
* Returns TRUE if okay, FALSE if could not parse the acl string.
|
|
|
|
* The resulting commands (if any) are appended to the contents of 'sql'.
|
|
|
|
*
|
2009-10-05 21:24:49 +02:00
|
|
|
* Note: when processing a default ACL, prefix is "ALTER DEFAULT PRIVILEGES "
|
|
|
|
* or something similar, and name is an empty string.
|
|
|
|
*
|
2009-01-22 21:16:10 +01:00
|
|
|
* Note: beware of passing a fmtId() result directly as 'name' or 'subname',
|
|
|
|
* since this routine uses fmtId() internally.
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
|
|
|
bool
|
2009-01-22 21:16:10 +01:00
|
|
|
buildACLCommands(const char *name, const char *subname,
|
|
|
|
const char *type, const char *acls, const char *owner,
|
2009-10-05 21:24:49 +02:00
|
|
|
const char *prefix, int remoteVersion,
|
2003-05-31 00:55:16 +02:00
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
2015-02-12 00:35:23 +01:00
|
|
|
bool ok = true;
|
2003-07-31 19:21:57 +02:00
|
|
|
char **aclitems;
|
|
|
|
int naclitems;
|
|
|
|
int i;
|
2003-08-04 02:43:34 +02:00
|
|
|
PQExpBuffer grantee,
|
|
|
|
grantor,
|
|
|
|
privs,
|
|
|
|
privswgo;
|
|
|
|
PQExpBuffer firstsql,
|
|
|
|
secondsql;
|
2003-05-31 00:55:16 +02:00
|
|
|
bool found_owner_privs = false;
|
|
|
|
|
|
|
|
if (strlen(acls) == 0)
|
|
|
|
return true; /* object has default permissions */
|
|
|
|
|
2005-12-03 22:06:18 +01:00
|
|
|
/* treat empty-string owner same as NULL */
|
|
|
|
if (owner && *owner == '\0')
|
|
|
|
owner = NULL;
|
|
|
|
|
2004-01-07 01:44:21 +01:00
|
|
|
if (!parsePGArray(acls, &aclitems, &naclitems))
|
2003-07-31 19:21:57 +02:00
|
|
|
{
|
|
|
|
if (aclitems)
|
|
|
|
free(aclitems);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
grantee = createPQExpBuffer();
|
|
|
|
grantor = createPQExpBuffer();
|
|
|
|
privs = createPQExpBuffer();
|
|
|
|
privswgo = createPQExpBuffer();
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2003-07-24 17:52:53 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* At the end, these two will be pasted together to form the result. But
|
|
|
|
* the owner privileges need to go before the other ones to keep the
|
2014-05-06 18:12:18 +02:00
|
|
|
* dependencies valid. In recent versions this is normally the case, but
|
2005-10-15 04:49:52 +02:00
|
|
|
* in old versions they come after the PUBLIC privileges and that results
|
|
|
|
* in problems if we need to run REVOKE on the owner privileges.
|
2003-07-24 17:52:53 +02:00
|
|
|
*/
|
|
|
|
firstsql = createPQExpBuffer();
|
|
|
|
secondsql = createPQExpBuffer();
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Always start with REVOKE ALL FROM PUBLIC, so that we don't have to
|
|
|
|
* wire-in knowledge about the default public privileges for different
|
|
|
|
* kinds of objects.
|
|
|
|
*/
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM PUBLIC;\n", type, name);
|
2003-05-31 00:55:16 +02:00
|
|
|
|
2007-01-04 18:49:37 +01:00
|
|
|
/*
|
|
|
|
* We still need some hacking though to cover the case where new default
|
|
|
|
* public privileges are added in new versions: the REVOKE ALL will revoke
|
|
|
|
* them, leading to behavior different from what the old version had,
|
2007-11-15 22:14:46 +01:00
|
|
|
* which is generally not what's wanted. So add back default privs if the
|
|
|
|
* source database is too old to have had that particular priv.
|
2007-01-04 18:49:37 +01:00
|
|
|
*/
|
|
|
|
if (remoteVersion < 80200 && strcmp(type, "DATABASE") == 0)
|
|
|
|
{
|
|
|
|
/* database CONNECT priv didn't exist before 8.2 */
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sGRANT CONNECT ON %s %s TO PUBLIC;\n",
|
|
|
|
prefix, type, name);
|
2007-01-04 18:49:37 +01:00
|
|
|
}
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/* Scan individual ACL items */
|
|
|
|
for (i = 0; i < naclitems; i++)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2009-01-22 21:16:10 +01:00
|
|
|
if (!parseAclItem(aclitems[i], type, name, subname, remoteVersion,
|
2003-05-31 00:55:16 +02:00
|
|
|
grantee, grantor, privs, privswgo))
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
2015-02-12 00:35:23 +01:00
|
|
|
ok = false;
|
|
|
|
break;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
if (grantor->len == 0 && owner)
|
|
|
|
printfPQExpBuffer(grantor, "%s", owner);
|
|
|
|
|
|
|
|
if (privs->len > 0 || privswgo->len > 0)
|
|
|
|
{
|
2003-07-24 17:52:53 +02:00
|
|
|
if (owner
|
|
|
|
&& strcmp(grantee->data, owner) == 0
|
|
|
|
&& strcmp(grantor->data, owner) == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2003-07-24 17:52:53 +02:00
|
|
|
found_owner_privs = true;
|
2003-08-04 02:43:34 +02:00
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
2003-08-04 02:43:34 +02:00
|
|
|
* For the owner, the default privilege level is ALL WITH
|
|
|
|
* GRANT OPTION (only ALL prior to 7.4).
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
2003-07-24 17:52:53 +02:00
|
|
|
if (supports_grant_options(remoteVersion)
|
|
|
|
? strcmp(privswgo->data, "ALL") != 0
|
|
|
|
: strcmp(privs->data, "ALL") != 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM %s;\n",
|
|
|
|
type, name, fmtId(grantee->data));
|
2003-05-31 00:55:16 +02:00
|
|
|
if (privs->len > 0)
|
2009-01-22 21:16:10 +01:00
|
|
|
appendPQExpBuffer(firstsql,
|
2009-10-05 21:24:49 +02:00
|
|
|
"%sGRANT %s ON %s %s TO %s;\n",
|
|
|
|
prefix, privs->data, type, name,
|
2003-05-31 00:55:16 +02:00
|
|
|
fmtId(grantee->data));
|
|
|
|
if (privswgo->len > 0)
|
2009-01-22 21:16:10 +01:00
|
|
|
appendPQExpBuffer(firstsql,
|
2010-02-26 03:01:40 +01:00
|
|
|
"%sGRANT %s ON %s %s TO %s WITH GRANT OPTION;\n",
|
2009-10-05 21:24:49 +02:00
|
|
|
prefix, privswgo->data, type, name,
|
2003-05-31 00:55:16 +02:00
|
|
|
fmtId(grantee->data));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Otherwise can assume we are starting from no privs.
|
|
|
|
*/
|
2003-07-24 17:52:53 +02:00
|
|
|
if (grantor->len > 0
|
|
|
|
&& (!owner || strcmp(owner, grantor->data) != 0))
|
|
|
|
appendPQExpBuffer(secondsql, "SET SESSION AUTHORIZATION %s;\n",
|
|
|
|
fmtId(grantor->data));
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
if (privs->len > 0)
|
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%sGRANT %s ON %s %s TO ",
|
|
|
|
prefix, privs->data, type, name);
|
2003-05-31 00:55:16 +02:00
|
|
|
if (grantee->len == 0)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "PUBLIC;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "GROUP %s;\n",
|
2005-10-15 04:49:52 +02:00
|
|
|
fmtId(grantee->data + strlen("group ")));
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%s;\n", fmtId(grantee->data));
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
if (privswgo->len > 0)
|
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(secondsql, "%sGRANT %s ON %s %s TO ",
|
|
|
|
prefix, privswgo->data, type, name);
|
2003-05-31 00:55:16 +02:00
|
|
|
if (grantee->len == 0)
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "PUBLIC");
|
2003-05-31 00:55:16 +02:00
|
|
|
else if (strncmp(grantee->data, "group ",
|
|
|
|
strlen("group ")) == 0)
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(secondsql, "GROUP %s",
|
2005-10-15 04:49:52 +02:00
|
|
|
fmtId(grantee->data + strlen("group ")));
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, fmtId(grantee->data));
|
|
|
|
appendPQExpBufferStr(secondsql, " WITH GRANT OPTION;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2003-07-24 17:52:53 +02:00
|
|
|
|
|
|
|
if (grantor->len > 0
|
|
|
|
&& (!owner || strcmp(owner, grantor->data) != 0))
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(secondsql, "RESET SESSION AUTHORIZATION;\n");
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* If we didn't find any owner privs, the owner must have revoked 'em all
|
2003-05-31 00:55:16 +02:00
|
|
|
*/
|
|
|
|
if (!found_owner_privs && owner)
|
2009-01-22 21:16:10 +01:00
|
|
|
{
|
2009-10-05 21:24:49 +02:00
|
|
|
appendPQExpBuffer(firstsql, "%sREVOKE ALL", prefix);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(firstsql, "(%s)", subname);
|
|
|
|
appendPQExpBuffer(firstsql, " ON %s %s FROM %s;\n",
|
2003-05-31 00:55:16 +02:00
|
|
|
type, name, fmtId(owner));
|
2009-01-22 21:16:10 +01:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
destroyPQExpBuffer(grantee);
|
|
|
|
destroyPQExpBuffer(grantor);
|
|
|
|
destroyPQExpBuffer(privs);
|
|
|
|
destroyPQExpBuffer(privswgo);
|
|
|
|
|
2003-07-24 17:52:53 +02:00
|
|
|
appendPQExpBuffer(sql, "%s%s", firstsql->data, secondsql->data);
|
|
|
|
destroyPQExpBuffer(firstsql);
|
|
|
|
destroyPQExpBuffer(secondsql);
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
free(aclitems);
|
|
|
|
|
2015-02-12 00:35:23 +01:00
|
|
|
return ok;
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
|
2009-10-05 21:24:49 +02:00
|
|
|
/*
|
|
|
|
* Build ALTER DEFAULT PRIVILEGES command(s) for single pg_default_acl entry.
|
|
|
|
*
|
2009-10-13 01:41:45 +02:00
|
|
|
* type: the object type (TABLES, FUNCTIONS, etc)
|
2009-10-05 21:24:49 +02:00
|
|
|
* nspname: schema name, or NULL for global default privileges
|
|
|
|
* acls: the ACL string fetched from the database
|
|
|
|
* owner: username of privileges owner (will be passed through fmtId)
|
|
|
|
* remoteVersion: version of database
|
|
|
|
*
|
|
|
|
* Returns TRUE if okay, FALSE if could not parse the acl string.
|
|
|
|
* The resulting commands (if any) are appended to the contents of 'sql'.
|
|
|
|
*/
|
|
|
|
bool
|
|
|
|
buildDefaultACLCommands(const char *type, const char *nspname,
|
|
|
|
const char *acls, const char *owner,
|
|
|
|
int remoteVersion,
|
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
|
|
|
bool result;
|
|
|
|
PQExpBuffer prefix;
|
|
|
|
|
|
|
|
prefix = createPQExpBuffer();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We incorporate the target role directly into the command, rather than
|
2014-05-06 18:12:18 +02:00
|
|
|
* playing around with SET ROLE or anything like that. This is so that a
|
2010-02-26 03:01:40 +01:00
|
|
|
* permissions error leads to nothing happening, rather than changing
|
|
|
|
* default privileges for the wrong user.
|
2009-10-05 21:24:49 +02:00
|
|
|
*/
|
|
|
|
appendPQExpBuffer(prefix, "ALTER DEFAULT PRIVILEGES FOR ROLE %s ",
|
|
|
|
fmtId(owner));
|
|
|
|
if (nspname)
|
|
|
|
appendPQExpBuffer(prefix, "IN SCHEMA %s ", fmtId(nspname));
|
|
|
|
|
|
|
|
result = buildACLCommands("", NULL,
|
|
|
|
type, acls, owner,
|
|
|
|
prefix->data, remoteVersion,
|
|
|
|
sql);
|
|
|
|
|
|
|
|
destroyPQExpBuffer(prefix);
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2003-05-31 00:55:16 +02:00
|
|
|
/*
|
2003-07-31 19:21:57 +02:00
|
|
|
* This will parse an aclitem string, having the general form
|
|
|
|
* username=privilegecodes/grantor
|
|
|
|
* or
|
|
|
|
* group groupname=privilegecodes/grantor
|
|
|
|
* (the /grantor part will not be present if pre-7.4 database).
|
|
|
|
*
|
|
|
|
* The returned grantee string will be the dequoted username or groupname
|
|
|
|
* (preceded with "group " in the latter case). The returned grantor is
|
2014-05-06 18:12:18 +02:00
|
|
|
* the dequoted grantor name or empty. Privilege characters are decoded
|
2003-07-31 19:21:57 +02:00
|
|
|
* and split between privileges with grant option (privswgo) and without
|
|
|
|
* (privs).
|
2003-05-31 00:55:16 +02:00
|
|
|
*
|
|
|
|
* Note: for cross-version compatibility, it's important to use ALL when
|
|
|
|
* appropriate.
|
|
|
|
*/
|
|
|
|
static bool
|
2009-01-22 21:16:10 +01:00
|
|
|
parseAclItem(const char *item, const char *type,
|
|
|
|
const char *name, const char *subname, int remoteVersion,
|
|
|
|
PQExpBuffer grantee, PQExpBuffer grantor,
|
2003-05-31 00:55:16 +02:00
|
|
|
PQExpBuffer privs, PQExpBuffer privswgo)
|
|
|
|
{
|
|
|
|
char *buf;
|
|
|
|
bool all_with_go = true;
|
|
|
|
bool all_without_go = true;
|
|
|
|
char *eqpos;
|
|
|
|
char *slpos;
|
|
|
|
char *pos;
|
|
|
|
|
|
|
|
buf = strdup(item);
|
2006-10-10 01:30:33 +02:00
|
|
|
if (!buf)
|
|
|
|
return false;
|
2003-05-31 00:55:16 +02:00
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/* user or group name is string up to = */
|
|
|
|
eqpos = copyAclUserName(grantee, buf);
|
|
|
|
if (*eqpos != '=')
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
|
|
|
free(buf);
|
2003-05-31 00:55:16 +02:00
|
|
|
return false;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/* grantor may be listed after / */
|
|
|
|
slpos = strchr(eqpos + 1, '/');
|
|
|
|
if (slpos)
|
|
|
|
{
|
2003-07-31 19:21:57 +02:00
|
|
|
*slpos++ = '\0';
|
|
|
|
slpos = copyAclUserName(grantor, slpos);
|
|
|
|
if (*slpos != '\0')
|
2012-06-03 17:52:52 +02:00
|
|
|
{
|
|
|
|
free(buf);
|
2003-07-31 19:21:57 +02:00
|
|
|
return false;
|
2012-06-03 17:52:52 +02:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
else
|
|
|
|
resetPQExpBuffer(grantor);
|
|
|
|
|
|
|
|
/* privilege codes */
|
|
|
|
#define CONVERT_PRIV(code, keywd) \
|
2006-01-21 03:16:21 +01:00
|
|
|
do { \
|
2003-05-31 00:55:16 +02:00
|
|
|
if ((pos = strchr(eqpos + 1, code))) \
|
|
|
|
{ \
|
|
|
|
if (*(pos + 1) == '*') \
|
|
|
|
{ \
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(privswgo, keywd, subname); \
|
2003-05-31 00:55:16 +02:00
|
|
|
all_without_go = false; \
|
|
|
|
} \
|
|
|
|
else \
|
|
|
|
{ \
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(privs, keywd, subname); \
|
2003-05-31 00:55:16 +02:00
|
|
|
all_with_go = false; \
|
|
|
|
} \
|
|
|
|
} \
|
|
|
|
else \
|
2006-01-21 03:16:21 +01:00
|
|
|
all_with_go = all_without_go = false; \
|
|
|
|
} while (0)
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
resetPQExpBuffer(privs);
|
|
|
|
resetPQExpBuffer(privswgo);
|
|
|
|
|
2009-10-13 01:41:45 +02:00
|
|
|
if (strcmp(type, "TABLE") == 0 || strcmp(type, "SEQUENCE") == 0 ||
|
|
|
|
strcmp(type, "TABLES") == 0 || strcmp(type, "SEQUENCES") == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
2006-10-04 02:30:14 +02:00
|
|
|
|
2009-10-13 01:41:45 +02:00
|
|
|
if (strcmp(type, "SEQUENCE") == 0 ||
|
|
|
|
strcmp(type, "SEQUENCES") == 0)
|
2006-01-21 03:16:21 +01:00
|
|
|
/* sequence only */
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
else
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
2006-01-21 03:16:21 +01:00
|
|
|
/* table only */
|
|
|
|
CONVERT_PRIV('a', "INSERT");
|
|
|
|
if (remoteVersion >= 70200)
|
|
|
|
CONVERT_PRIV('x', "REFERENCES");
|
2009-01-22 21:16:10 +01:00
|
|
|
/* rest are not applicable to columns */
|
|
|
|
if (subname == NULL)
|
|
|
|
{
|
|
|
|
if (remoteVersion >= 70200)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('d', "DELETE");
|
|
|
|
CONVERT_PRIV('t', "TRIGGER");
|
|
|
|
}
|
|
|
|
if (remoteVersion >= 80400)
|
|
|
|
CONVERT_PRIV('D', "TRUNCATE");
|
2006-01-21 03:16:21 +01:00
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2006-01-21 03:16:21 +01:00
|
|
|
|
|
|
|
/* UPDATE */
|
2009-10-13 01:41:45 +02:00
|
|
|
if (remoteVersion >= 70200 ||
|
|
|
|
strcmp(type, "SEQUENCE") == 0 ||
|
|
|
|
strcmp(type, "SEQUENCES") == 0)
|
2006-01-21 03:16:21 +01:00
|
|
|
CONVERT_PRIV('w', "UPDATE");
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
|
|
|
/* 7.0 and 7.1 have a simpler worldview */
|
|
|
|
CONVERT_PRIV('w', "UPDATE,DELETE");
|
|
|
|
}
|
2009-10-13 01:41:45 +02:00
|
|
|
else if (strcmp(type, "FUNCTION") == 0 ||
|
|
|
|
strcmp(type, "FUNCTIONS") == 0)
|
2003-05-31 00:55:16 +02:00
|
|
|
CONVERT_PRIV('X', "EXECUTE");
|
|
|
|
else if (strcmp(type, "LANGUAGE") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
else if (strcmp(type, "SCHEMA") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
|
|
|
}
|
|
|
|
else if (strcmp(type, "DATABASE") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
2006-04-30 23:15:33 +02:00
|
|
|
CONVERT_PRIV('c', "CONNECT");
|
2003-05-31 00:55:16 +02:00
|
|
|
CONVERT_PRIV('T', "TEMPORARY");
|
|
|
|
}
|
2004-06-18 08:14:31 +02:00
|
|
|
else if (strcmp(type, "TABLESPACE") == 0)
|
|
|
|
CONVERT_PRIV('C', "CREATE");
|
2012-12-09 06:08:23 +01:00
|
|
|
else if (strcmp(type, "TYPE") == 0 ||
|
|
|
|
strcmp(type, "TYPES") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2008-12-19 17:25:19 +01:00
|
|
|
else if (strcmp(type, "FOREIGN DATA WRAPPER") == 0)
|
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2010-03-03 21:10:48 +01:00
|
|
|
else if (strcmp(type, "FOREIGN SERVER") == 0)
|
2008-12-19 17:25:19 +01:00
|
|
|
CONVERT_PRIV('U', "USAGE");
|
2011-01-02 05:48:11 +01:00
|
|
|
else if (strcmp(type, "FOREIGN TABLE") == 0)
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
2009-12-11 04:34:57 +01:00
|
|
|
else if (strcmp(type, "LARGE OBJECT") == 0)
|
|
|
|
{
|
|
|
|
CONVERT_PRIV('r', "SELECT");
|
|
|
|
CONVERT_PRIV('w', "UPDATE");
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
else
|
|
|
|
abort();
|
|
|
|
|
|
|
|
#undef CONVERT_PRIV
|
|
|
|
|
|
|
|
if (all_with_go)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(privs);
|
|
|
|
printfPQExpBuffer(privswgo, "ALL");
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(privswgo, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
else if (all_without_go)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(privswgo);
|
|
|
|
printfPQExpBuffer(privs, "ALL");
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(privs, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
free(buf);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/*
|
|
|
|
* Transfer a user or group name starting at *input into the output buffer,
|
|
|
|
* dequoting if needed. Returns a pointer to just past the input name.
|
|
|
|
* The name is taken to end at an unquoted '=' or end of string.
|
|
|
|
*/
|
|
|
|
static char *
|
|
|
|
copyAclUserName(PQExpBuffer output, char *input)
|
|
|
|
{
|
|
|
|
resetPQExpBuffer(output);
|
2003-08-14 16:19:11 +02:00
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
while (*input && *input != '=')
|
|
|
|
{
|
2004-08-29 07:07:03 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* If user name isn't quoted, then just add it to the output buffer
|
2004-08-29 07:07:03 +02:00
|
|
|
*/
|
2003-07-31 19:21:57 +02:00
|
|
|
if (*input != '"')
|
|
|
|
appendPQExpBufferChar(output, *input++);
|
|
|
|
else
|
|
|
|
{
|
2004-06-18 08:14:31 +02:00
|
|
|
/* Otherwise, it's a quoted username */
|
2003-07-31 19:21:57 +02:00
|
|
|
input++;
|
2003-08-14 16:19:11 +02:00
|
|
|
/* Loop until we come across an unescaped quote */
|
|
|
|
while (!(*input == '"' && *(input + 1) != '"'))
|
2003-07-31 19:21:57 +02:00
|
|
|
{
|
|
|
|
if (*input == '\0')
|
2003-08-04 02:43:34 +02:00
|
|
|
return input; /* really a syntax error... */
|
|
|
|
|
2003-07-31 19:21:57 +02:00
|
|
|
/*
|
2005-10-15 04:49:52 +02:00
|
|
|
* Quoting convention is to escape " as "". Keep this code in
|
|
|
|
* sync with putid() in backend's acl.c.
|
2003-07-31 19:21:57 +02:00
|
|
|
*/
|
2003-08-14 16:19:11 +02:00
|
|
|
if (*input == '"' && *(input + 1) == '"')
|
|
|
|
input++;
|
2003-07-31 19:21:57 +02:00
|
|
|
appendPQExpBufferChar(output, *input++);
|
|
|
|
}
|
|
|
|
input++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return input;
|
|
|
|
}
|
2003-05-31 00:55:16 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Append a privilege keyword to a keyword list, inserting comma if needed.
|
|
|
|
*/
|
|
|
|
static void
|
2009-01-22 21:16:10 +01:00
|
|
|
AddAcl(PQExpBuffer aclbuf, const char *keyword, const char *subname)
|
2003-05-31 00:55:16 +02:00
|
|
|
{
|
|
|
|
if (aclbuf->len > 0)
|
|
|
|
appendPQExpBufferChar(aclbuf, ',');
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(aclbuf, keyword);
|
2009-01-22 21:16:10 +01:00
|
|
|
if (subname)
|
|
|
|
appendPQExpBuffer(aclbuf, "(%s)", subname);
|
2003-05-31 00:55:16 +02:00
|
|
|
}
|
2006-10-10 01:30:33 +02:00
|
|
|
|
|
|
|
|
2011-07-20 19:18:24 +02:00
|
|
|
/*
|
|
|
|
* buildShSecLabelQuery
|
|
|
|
*
|
|
|
|
* Build a query to retrieve security labels for a shared object.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
buildShSecLabelQuery(PGconn *conn, const char *catalog_name, uint32 objectId,
|
|
|
|
PQExpBuffer sql)
|
|
|
|
{
|
|
|
|
appendPQExpBuffer(sql,
|
|
|
|
"SELECT provider, label FROM pg_catalog.pg_shseclabel "
|
|
|
|
"WHERE classoid = '%s'::pg_catalog.regclass AND "
|
|
|
|
"objoid = %u", catalog_name, objectId);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* emitShSecLabels
|
|
|
|
*
|
|
|
|
* Format security label data retrieved by the query generated in
|
|
|
|
* buildShSecLabelQuery.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
emitShSecLabels(PGconn *conn, PGresult *res, PQExpBuffer buffer,
|
|
|
|
const char *target, const char *objname)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < PQntuples(res); i++)
|
2012-06-10 21:20:04 +02:00
|
|
|
{
|
|
|
|
char *provider = PQgetvalue(res, i, 0);
|
|
|
|
char *label = PQgetvalue(res, i, 1);
|
2011-07-20 19:18:24 +02:00
|
|
|
|
|
|
|
/* must use fmtId result before calling it again */
|
|
|
|
appendPQExpBuffer(buffer,
|
|
|
|
"SECURITY LABEL FOR %s ON %s",
|
|
|
|
fmtId(provider), target);
|
|
|
|
appendPQExpBuffer(buffer,
|
|
|
|
" %s IS ",
|
|
|
|
fmtId(objname));
|
|
|
|
appendStringLiteralConn(buffer, label, conn);
|
2013-11-18 17:29:01 +01:00
|
|
|
appendPQExpBufferStr(buffer, ";\n");
|
2011-07-20 19:18:24 +02:00
|
|
|
}
|
|
|
|
}
|